Entities allowed before slashes on a protocol relative URL

Safari logo 4
Firefox logo 4
Chrome logo 4

You can place whitespace before slashes, this vector finds out what entities you can place before them.

Created by: hackvertor

Created on: Saturday, July 6, 2024 at 12:12:14 PM

Updated on: Friday, December 6, 2024 at 4:34:33 PM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const div = document.createElement('div')
Template used:
div.innerHTML='<a href="$[data1]//example.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="&bsol;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&bsol;');
}
div.innerHTML='<a href="&NewLine;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}
div.innerHTML='<a href="&sol;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&sol;');
}
div.innerHTML='<a href="&Tab;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}

Fuzz results

Safari logo
Safari 17.5 mobile iOS 17.5.1

Updated

Sat Jul 06 2024
Found 4 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15

Updated

Sat Jul 06 2024
Found 4 results
Loading...
Chrome logo
Chrome 130.0.0.0 desktop macOS 10.15.7

Updated

Mon Oct 28 2024
Found 4 results
Loading...